Use default EC curves instead of all throughout.

2025-12-10 09:49:05 +00:00 · 2017-10-31 04:26:59 +00:00
parent 091fd560f9
commit 41199b7eea
5 changed files with 10 additions and 21 deletions
--- a/scripts/ssl-ccs-injection.nse
+++ b/scripts/ssl-ccs-injection.nse
@@ -120,12 +120,9 @@ local function test_ccs_injection(host, port, version)
      ["ciphers"] = stdnse.keys(tls.CIPHERS),
      ["compressors"] = {"NULL"},
      ["extensions"] = {
-        -- Claim to support every elliptic curve
+        -- Claim to support common elliptic curves
        ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](
-          stdnse.keys(tls.ELLIPTIC_CURVES)),
+          tls.DEFAULT_ELLIPTIC_CURVES),
        -- Claim to support every EC point format
        ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](
          stdnse.keys(tls.EC_POINT_FORMATS)),
      },
    })
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -515,10 +515,8 @@ end
 local function base_extensions(host)
  local tlsname = tls.servername(host)
  return {
-    -- Claim to support every elliptic curve
+    -- Claim to support common elliptic curves
-    ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](sorted_keys(tls.ELLIPTIC_CURVES)),
+    ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES),
    -- Claim to support every EC point format
    ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](sorted_keys(tls.EC_POINT_FORMATS)),
    -- Enable SNI if a server name is available
    ["server_name"] = tlsname and tls.EXTENSION_HELPERS["server_name"](tlsname),
  }
--- a/scripts/ssl-heartbleed.nse
+++ b/scripts/ssl-heartbleed.nse
@@ -76,10 +76,8 @@ local function testversion(host, port, version)
      ["ciphers"] = stdnse.keys(tls.CIPHERS),
      ["compressors"] = {"NULL"},
      ["extensions"] = {
-        -- Claim to support every elliptic curve
+        -- Claim to support common elliptic curves
-        ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](stdnse.keys(tls.ELLIPTIC_CURVES)),
+        ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES),
        -- Claim to support every EC point format
        ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](stdnse.keys(tls.EC_POINT_FORMATS)),
        ["heartbeat"] = "\x01", -- peer_not_allowed_to_send
      },
    })
--- a/scripts/ssl-poodle.nse
+++ b/scripts/ssl-poodle.nse
@@ -177,10 +177,8 @@ end
 local function base_extensions(host)
  local tlsname = tls.servername(host)
  return {
-    -- Claim to support every elliptic curve
+    -- Claim to support common elliptic curves
-    ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](sorted_keys(tls.ELLIPTIC_CURVES)),
+    ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES),
    -- Claim to support every EC point format
    ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](sorted_keys(tls.EC_POINT_FORMATS)),
    -- Enable SNI if a server name is available
    ["server_name"] = tlsname and tls.EXTENSION_HELPERS["server_name"](tlsname),
  }
--- a/scripts/tls-ticketbleed.nse
+++ b/scripts/tls-ticketbleed.nse
@@ -218,10 +218,8 @@ local function is_vuln(host, port, version)
    ["ciphers"] = stdnse.keys(tls.CIPHERS),
    ["compressors"] = {"NULL"},
    ["extensions"] = {
-      -- Claim to support every elliptic curve
+      -- Claim to support common elliptic curves
-      ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](stdnse.keys(tls.ELLIPTIC_CURVES)),
+      ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES),
      -- Claim to support every EC point format
      ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](stdnse.keys(tls.EC_POINT_FORMATS)),
      ["SessionTicket TLS"] = ticket,
    },
  })